Cloud Foundry Operations For Beginners

Cloud Foundry Operations

Part 1.

BOSH basics

As a CF operator

I can deploy the Cloud Foundry platform

So that my users can self-serve their app deployment

Deploying your Cloud

BOSH Basics

What is a Cloud?

Technical

  • Virtual infrastructure
    • VMs
    • Networks
    • Disks
  • Driven by an API

Cultural

  • Automated, repeatable operations
  • Agile, unimpeded development

"Cloud is about how you do computing, not where you do computing."

Paul Maritz

Chairman of the Board, Pivotal

BOSH Basics

What is BOSH?

BOSH is an open source tool for release engineering, deployment, lifecycle management, and monitoring of distributed systems.

BOSH Basics

Core Components

  • BOSH CPI - Cloud Provider Interface

    • create_vm, attach_disk, delete_vm
    • for: vSphere | OpenStack | AWS | Azure | GCE | Garden
  • 1 x BOSH director, n x VMs running BOSH agents

BOSH Basics

Your environment...

  • Single VM “cloud” with BOSH director installed
  • Custom “container” CPI
  • Simulate VMs using containers

Simulate a cloud in a single VM!

BOSH Basics

Anatomy of BOSH Deployments

stemcell + release + manifest = deployment

  • stemcell: base O/S plus BOSH specifics (agent, monit, etc)
  • release: versioned tarball containing ALL of the assets that will be deployed
  • manifest: cluster config specification
  • deployment: a cluster of VMs based on the stemcell, running release software
  • runtime-config: IaaS-agnostic configuration that applies to all deployments (e.g. anti-virus, metrics, logging)
  • cloud-config: IaaS-specific configuration that applies to all deployments (e.g. VM sizes, disk sizes)

BOSH Basics

Basic Commands

  bosh stemcells
  bosh releases
  bosh deployments
  bosh manifest

As a CF operator

I can deploy the Cloud Foundry platform

So that my users can self-serve their app deployment

Part 2.

BOSH HA

As a BOSH operator

I understand BOSH HA

So I can be confident my deployment is resilient

BOSH HA

What are we going to do?

  • What is a BOSH Cluster?
  • VM Availability
  • Process Availability

BOSH HA

Recapping...

BOSH Recap

BOSH HA

BOSH Agent

  • Part of the stemcell
  • Communicates with BOSH
  • Critical to availability

BOSH HA

Recovering Failed VMs

Who likes being paged?

  • Health monitor pings VMs
  • If the VM doesn’t respond BOSH recreates it

BOSH HA

Recovering Failed Processes

monit
Who likes being paged?

  • Processes are running software
  • Monit starts and monitors running processes
  • If the process isn’t running, monit restarts it

As a BOSH operator

I understand BOSH HA

So I can be confident my deployment is resilient

Part 3.

Cloud Foundry basics

As a CF operator

I can provision a new CF user

So that user can deploy their app

CF Basics

What are we going to do?

  • Cloud Foundry benefits
  • Architecture
  • Users, roles, orgs and spaces
  • App basics

CF Basics

Cloud Foundry Benefits

  • Application Lifecycle & Availability
  • Security
  • Service integration
  • Routing and Domains
  • Logging & Metrics

CF Basics

Cloud Foundry Architecture

  • Cloud Controller - REST API
  • Diego Brain - allocates the workload
  • Diego Cell(s) - run the apps

CF Basics

Multitenancy in Cloud Foundry

Organizations: Provide a mechanism to segregate tenants in a Cloud Foundry installation.

  • Quotas
  • Domains (example.com)

CF Basics

Multitenancy in Cloud Foundry

Spaces: Used to divide organizations (commonly as “development”, “staging”, etc)

  • Fully Qualified Domain Names (myapp.example.com)
  • Security Groups (outbound app traffic)
  • Services
  • Apps

CF Basics

Role-based access control

Users: Assigned to roles in Orgs and/or Spaces.

Roles: Users can have one or more. E.g:

  • Admin

  • Org Manager

  • Space Manager

  • Space Developer

CF Basics

Applications

  • Scoped to a space
  • Accessible via 0 or more routes
  • Runtime dependencies provided by buildpacks

CF Basics

Controlling Outbound Access

Application Security Groups

Egress networking for applications
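
An added example, not part of the original slides: a small audit of an Application Security Group rules file that flags egress rules an operator should review before binding the group to a space. The sample rules and the `SENSITIVE` list are constructed for illustration, and only IPv4 destinations are handled.

```ruby
require 'json'
require 'ipaddr'

# Constructed sample ASG rules (not from the original slides).
SAMPLE_ASG = <<~JSON
  [
    {"protocol": "tcp", "destination": "10.0.11.0/24", "ports": "3306"},
    {"protocol": "all", "destination": "0.0.0.0/0"},
    {"protocol": "tcp", "destination": "169.254.0.0-169.254.255.255", "ports": "80"},
    {"protocol": "udp", "destination": "8.8.8.8", "ports": "53"}
  ]
JSON

# Ranges worth a second look before apps are allowed to reach them
# (this list is an assumption of the example, not a CF default).
SENSITIVE = {
  'link-local (metadata services)' => IPAddr.new('169.254.0.0/16'),
  'loopback' => IPAddr.new('127.0.0.0/8')
}.freeze

# An ASG destination is a single IP, a CIDR block or a "first-last" range.
def destination_bounds(dest)
  return dest.split('-', 2).map { |ip| IPAddr.new(ip.strip) } if dest.include?('-')

  range = IPAddr.new(dest).to_range
  [range.first, range.last]
end

# Return one finding string per problem, across all rules in the file.
def audit_asg(json)
  JSON.parse(json).each_with_index.flat_map do |rule, i|
    lo, hi = destination_bounds(rule.fetch('destination'))
    findings = []
    findings << "rule #{i}: all protocols allowed" if rule['protocol'] == 'all'
    if lo.to_i.zero? && hi.to_i == 0xFFFFFFFF
      findings << "rule #{i}: destination is the whole IPv4 space"
    end
    SENSITIVE.each do |label, net|
      r = net.to_range
      findings << "rule #{i}: overlaps #{label}" if lo <= r.last && hi >= r.first
    end
    findings
  end
end

puts audit_asg(SAMPLE_ASG) if $PROGRAM_NAME == __FILE__
```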

As a CF operator

I can provision a new CF user

So that user can deploy their app

Part 4.

CF Monitoring

As a CF operator

I can monitor Cloud Foundry apps

so I know about problems before they affect my users

CF Monitoring

What are we going to do?

  • Loggregator
  • Common commands
  • Integration with other services

CF Monitoring

Loggregator

Loggregator: Aggregates and streams logs and metrics from all apps and CF components

CF Monitoring

CLI Log Access

cf logs <app name> [--recent]

cf events <app name>

cf app-nozzle and cf nozzle

CF Monitoring

Using purpose-built systems with Loggregator

  • Log Drains: Send logs to an external syslog-compliant service (e.g. ELK, Papertrail)

  • Nozzles: Programs that connect purpose-built systems to Loggregator and filter/manipulate the data

As a CF operator

I can monitor Cloud Foundry apps

so I know about problems before they affect my users

Part 5.

Scaling

As a CF operator

I can scale Cloud Foundry

To provide additional capacity to my users

Scaling

What are we going to do?

  • Vertical Scaling
  • Horizontal Scaling
  • Platform Scaling

Scaling

Vertically

Adding Resources: More memory, compute, etc.

  • Platform: Larger VMs
  • Apps: Larger Containers

Scaling

Horizontally

Adding Instances

  • Platform: More VMs
  • Apps: More app instances (balanced across cells)

Scaling

What should I do?

Should I scale out or up?

  • First, right size VMs
  • Then, scale out (add instances)

As a CF operator

I can scale Cloud Foundry

To provide additional capacity to my users

Part 6.

CF Services

As a CF operator

I can add a MySQL service to Cloud Foundry

So that apps can store state

CF Services

What are we going to do?

  • Services, Brokers and Binding
  • BOSH Errands

CF Services

App Execution in Cloud Foundry

Cloud Foundry runs stateless apps

  • Immutable
  • Scalable
  • Disposable

CF Services

Storing State in Cloud Foundry

If CF runs stateless apps

where does the data go?

  • In external data stores available as services.
  • Many BOSH releases for data services - see bosh.io

CF Services

Accessing Data in Cloud Foundry

Service Brokers
Service Broker API
  • Register data service with Cloud Foundry (cf marketplace)
  • Provision service (cf create-service)
  • Provide connection credentials (cf bind-service)

CF Services

Errands and Instances

How do I get a service broker registered?

… with a BOSH errand

  • Instances: Long-running (VMs running software)
  • Errands: Run once (tasks)

As a CF operator

I can add a MySQL service to Cloud Foundry

So that apps can store state

Part 7.

Upgrading with BOSH

As a CF operator

I can upgrade Cloud Foundry

With no interruption to my users

Upgrading with BOSH

What are we going to do?

  • Zero Downtime Deployments
  • When to Upgrade
  • Life without BOSH…

Upgrading with BOSH

Day 2 optimizations

Updating without downtime
  update:
    canaries: 1
    max_in_flight: 1
  ...
  • Canaries: # of failures that will trigger a roll back
  • Max in Flight: Concurrent upgrades
    • max_in_flight must be less than # of instances!
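
An added example, not part of the original slides: a check of the rule above that max_in_flight must be less than the number of instances, run over every instance group of a manifest. The sample manifest is constructed, and the rounding used for percentage values of max_in_flight is an assumption of this example.

```ruby
require 'yaml'
# Constructed sample manifest (not from the original slides).
SAMPLE_MANIFEST = <<~YAML
  name: cf-example
  update:
    canaries: 1
    max_in_flight: 1
  instance_groups:
  - name: router
    instances: 3
  - name: diego-cell
    instances: 4
    update:
      max_in_flight: 4
  - name: database
    instances: 1
  - name: api
    instances: 10
    update:
      max_in_flight: 20%
YAML

# Resolve max_in_flight to an instance count. Percent strings are assumed
# here to round down with a floor of 1 (this example's assumption).
def resolve_in_flight(value, instances)
  return value if value.is_a?(Integer)
  pct = value.to_s[/\A(\d+)%\z/, 1] or raise ArgumentError, "bad max_in_flight: #{value.inspect}"
  [(instances * pct.to_i / 100.0).floor, 1].max
end

# Return { group name => reason } for every instance group whose update
# settings allow all of its instances to be down at the same time.
def update_risks(manifest_yaml)
  manifest = YAML.safe_load(manifest_yaml)
  global = manifest.fetch('update', {})
  manifest.fetch('instance_groups', []).each_with_object({}) do |group, risks|
    instances = group.fetch('instances', 0)
    next if instances.zero?
    settings = global.merge(group.fetch('update', {}) || {})
    in_flight = resolve_in_flight(settings.fetch('max_in_flight', 1), instances)
    if instances == 1
      risks[group['name']] = 'single instance: every update takes it offline'
    elsif in_flight >= instances
      risks[group['name']] = "max_in_flight #{in_flight} >= #{instances} instances"
    end
  end
end
puts update_risks(SAMPLE_MANIFEST) if $PROGRAM_NAME == __FILE__
```

A group-level update block overrides the global one, which is why diego-cell is flagged even though the global setting is 1.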

Upgrading with BOSH

When to Upgrade?

When should we upgrade?

  • Regularly - generally cannot “skip” versions

  • New CF stemcell, buildpack, and component versions ~ every week.

  • You should be upgrading during working hours!

Upgrading with BOSH

Coping with boredom

  • Weeks of manual work are automated
    • Provisioning servers
    • Installing base OS
    • Installing services
    • Updating config
  • With zero downtime (with full scale deployment)

Upgrading with BOSH

Life without BOSH

Environments without BOSH...

Why would you?

What is in your organization?
  • How many VMs?
  • How many applications?
  • What happens when a CVE occurs in one component?

  • How could BOSH help you?

As a CF operator

I can upgrade Cloud Foundry

With no interruption to my users

Recap

Q&A

Speed    |    Simplicity    |    Control